ATNA Cipher Test


Moore, Steve

Apr 14, 2010, 9:43:03 AM
to ihe-europe-201...@googlegroups.com
The ATNA Cipher test was written by me and will be evaluated by me (only).

1. Please be sure to load my CA certificate for communication. This is different than the CA that signed your certificate. I have loaded your CA.

2. If you are an ATNA system that supports HL7 V2, DICOM 3 or Syslog, you will be tested with this test.
2.1 I do not have a tool to test HL7 V3, so I cannot test that.
2.2 Your Cipher test for XDS happens with XDS testing.
2.3 So, if you are testing HL7 V3 or XDS only, start a copy of the test and remind me.

If you are a server application, make sure you get your endpoints documented in the chat window. Some of you have multiple endpoints listed for HL7 V2 or DICOM, and I do not know which to use.

You should run one instance of this test that includes the results for your entire system. I will grade this one instance as a whole. Do not start one test for HL7 V2 and a separate test for DICOM.

Below is the certificate from my CA

Best regards,

Steve Moore



The material in this message is private and may contain Protected Healthcare Information (PHI). If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

Vinh Tan

Apr 14, 2010, 10:01:03 AM
to ihe-europe-201...@googlegroups.com
Hi Steve,

I'm acting as an XDSb Document Consumer. Does it mean that I have to test against a specific registry, repository with a specific patient?

--
Vinh TAN

Moore, Steve

Apr 14, 2010, 10:58:28 AM
to ihe-europe-201...@googlegroups.com
No, the goal of the Cipher Suite test is to make sure you are performing TLS with the proper cipher suite. These are documented values.

I want to see:
1. We negotiated the TLS handshake
2. We exchanged some message that I can recognize.

So, if you are trying to prove that you are connecting for Syslog, I just need to be able to recognize the message as a syslog message.

For DICOM proof, you can send a C-Echo. For DICOM, you could also establish the pipe and then fail the DICOM Association Negotiation (you propose MR storage, my Order Filler does not support that).


Steve
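
What "a message that I can recognize" can mean on the evaluator's side, as an added example that is not part of this thread and not the tool used at the event: a classifier for the first application bytes of the decrypted TLS stream, covering the three protocols named above. The function names and sample payloads are constructed, and syslog is assumed to arrive as RFC 5424 text with optional RFC 5425 octet counting.

```python
import re
import struct

# Optional RFC 5425 octet count ("123 "), then "<PRI>" with one to three digits.
SYSLOG_RE = re.compile(rb"^(?:\d{1,5} )?<(\d{1,3})>")


def classify(payload: bytes) -> str:
    """Label the first application bytes read from the decrypted TLS stream."""
    # Syslog: PRI = facility * 8 + severity, so only 0..191 is valid.
    m = SYSLOG_RE.match(payload)
    if m and int(m.group(1)) <= 191:
        return "syslog"
    # HL7 V2 over MLLP: start block 0x0B, "MSH", then the field separator.
    if payload.startswith(b"\x0bMSH") and len(payload) > 4:
        if not payload[4:5].isalnum():
            return "hl7v2"
    # DICOM A-ASSOCIATE-RQ: type 0x01, reserved byte, 4-byte big-endian length,
    # protocol version with bit 0 set. The fixed fields alone take 68 bytes.
    if len(payload) >= 8:
        pdu_type, _, length, version = struct.unpack(">BBIH", payload[:8])
        if pdu_type == 0x01 and length >= 68 and version & 0x0001:
            return "dicom"
    return "unknown"


def constructed_samples() -> dict:
    """Sample payloads built for this example, not captured from any system."""
    syslog = b"<85>1 2010-04-14T09:43:03Z host.example atna-app - - - <AuditMessage/>"
    assoc_rq = struct.pack(">BBIHH16s16s32s", 0x01, 0, 68, 1, 0,
                           b"ORDER_FILLER".ljust(16), b"TEST_SCU".ljust(16), bytes(32))
    return {
        "syslog_framed": str(len(syslog)).encode() + b" " + syslog,
        "syslog_bare": syslog,
        "hl7": b"\x0bMSH|^~\\&|APP|FAC|PDS|FAC|20100414||QBP^Q22|1|P|2.5\r\x1c\r",
        "dicom": assoc_rq,
        "http": b"GET / HTTP/1.1\r\n\r\n",
        "bad_pri": b"<999>1 not a valid priority",
    }


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:14} -> {classify(data)}")
```

Because a DICOM connection always opens with the A-ASSOCIATE-RQ PDU, the same check recognizes both the C-Echo case and the rejected-association case described above.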


Walco van Loon

Apr 14, 2010, 4:20:56 PM
to ihe-europe-201...@googlegroups.com
Hi Steve,

Is there any (good) reason this test doesn't use Eric's CA?

TIA,

Regards,
Walco


massimil...@gmail.com

Apr 15, 2010, 3:10:21 AM
to ihe-europe-201...@googlegroups.com
Hi,

The DICOM services are running on the port 2251 of
gazelle-green.wustl.edu, am I right?

--
Massimiliano Masi

http://www.mascanc.net/~max

Moore, Steve

Apr 15, 2010, 3:28:34 AM
to ihe-europe-201...@googlegroups.com
I had a problem this morning, but it should now be repaired.


massimil...@gmail.com

Apr 15, 2010, 3:43:15 AM
to ihe-europe-201...@googlegroups.com
It worked perfectly, thanks! ;-)

Mark Sinke

Apr 15, 2010, 1:47:47 PM
to ihe-europe-201...@googlegroups.com
Hi all,

I just tried HL7 communication with your server (PDQ). It looks like
that was an effective DoS; I sent a UTF-8 encoded message. The tool did
not like that and now seems to be in an inconsistent state.

@Steve: can you please reset.
@all: apologies - although a little resilience on the tool would also be
appreciated ;-)

See you all in 15 minutes.

Mark Sinke.
